2021-04-26 15:38:47

by Lv Yunlong

Subject: [PATCH] Staging:ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe

In the out_err_bus_register error branch of tpci200_pci_probe,
tpci200->info->cfg_regs is freed by tpci200_uninstall()->
tpci200_unregister()->pci_iounmap(..,tpci200->info->cfg_regs)
for the first time.

But later, iounmap() is called to free tpci200->info->cfg_regs
again.

My patch sets tpci200->info->cfg_regs to NULL after tpci200_uninstall()
to avoid the double free.

Fixes: cea2f7cdff2af ("Staging: ipack/bridges/tpci200: Use the TPCI200 in big endian mode")
Signed-off-by: Lv Yunlong <[email protected]>
---
drivers/ipack/carriers/tpci200.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/ipack/carriers/tpci200.c b/drivers/ipack/carriers/tpci200.c
index ec71063fff76..e1822e87ec3d 100644
--- a/drivers/ipack/carriers/tpci200.c
+++ b/drivers/ipack/carriers/tpci200.c
@@ -596,8 +596,11 @@ static int tpci200_pci_probe(struct pci_dev *pdev,

out_err_bus_register:
tpci200_uninstall(tpci200);
+ /* tpci200->info->cfg_regs is unmapped in tpci200_uninstall */
+ tpci200->info->cfg_regs = NULL;
out_err_install:
- iounmap(tpci200->info->cfg_regs);
+ if (tpci200->info->cfg_regs)
+ iounmap(tpci200->info->cfg_regs);
out_err_ioremap:
pci_release_region(pdev, TPCI200_CFG_MEM_BAR);
out_err_pci_request:
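Review bot: At out_err_bus_register, clearing cfg_regs and then testing it under out_err_install makes the shared unwind path depend on a sentinel value, and the fall-through still reaches pci_release_region(pdev, TPCI200_CFG_MEM_BAR) under out_err_ioremap. If tpci200_uninstall() releases that region as well as unmapping cfg_regs (its body is not visible in this hunk), the same error path would still release it twice, so that should be checked before this is applied. Jumping from out_err_bus_register past the steps that tpci200_uninstall() has already undone would remove the need for both the NULL assignment and the new if.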
--
2.25.1



2021-04-26 16:23:22

by Greg Kroah-Hartman

Subject: Re: [PATCH] Staging:ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe

On Mon, Apr 26, 2021 at 08:35:47AM -0700, Lv Yunlong wrote:
> In the out_err_bus_register error branch of tpci200_pci_probe,
> tpci200->info->cfg_regs is freed by tpci200_uninstall()->
> tpci200_unregister()->pci_iounmap(..,tpci200->info->cfg_regs)
> for the first time.
>
> But later, iounmap() is called to free tpci200->info->cfg_regs
> again.
>
> My patch sets tpci200->info->cfg_regs to NULL after tpci200_uninstall()
> to avoid the double free.
>
> Fixes: cea2f7cdff2af ("Staging: ipack/bridges/tpci200: Use the TPCI200 in big endian mode")
> Signed-off-by: Lv Yunlong <[email protected]>
> ---
> drivers/ipack/carriers/tpci200.c | 5 ++++-

This is not a staging driver, why does your subject line say that?

thanks,

greg k-h

2021-04-26 16:34:04

by Lv Yunlong

Subject: Re: Re: [PATCH] Staging:ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe




> -----Original Message-----
> From: "Greg KH" <[email protected]>
> Sent: 2021-04-27 00:21:06 (Tuesday)
> To: "Lv Yunlong" <[email protected]>
> Cc: [email protected], [email protected], [email protected], [email protected]
> Subject: Re: [PATCH] Staging:ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe
>
> On Mon, Apr 26, 2021 at 08:35:47AM -0700, Lv Yunlong wrote:
> > In the out_err_bus_register error branch of tpci200_pci_probe,
> > tpci200->info->cfg_regs is freed by tpci200_uninstall()->
> > tpci200_unregister()->pci_iounmap(..,tpci200->info->cfg_regs)
> > for the first time.
> >
> > But later, iounmap() is called to free tpci200->info->cfg_regs
> > again.
> >
> > My patch sets tpci200->info->cfg_regs to NULL after tpci200_uninstall()
> > to avoid the double free.
> >
> > Fixes: cea2f7cdff2af ("Staging: ipack/bridges/tpci200: Use the TPCI200 in big endian mode")
> > Signed-off-by: Lv Yunlong <[email protected]>
> > ---
> > drivers/ipack/carriers/tpci200.c | 5 ++++-
>
> This is not a staging driver, why does your subject line say that?
>
> thanks,
>
> greg k-h

I see the fixes cea2f7cdff2af has added the subsystem name in subject, so I guess
that the "Staging" may be an alias of this module. Sorry, I will name the subject
line more carefully in future.